Can apache httpd support oauth2 client credential flow?

Asked May 01 '23 at 18:06

Active May 02 '23 at 06:28

Viewed 82 times

Is it possible to configure Apache httpd to support the client authorization flow (oauth2) for accessing an API as a machine to machine connection.

The scenario is as follows: a legacy application which does not support oauth2 should use Apache httpd to forward the request to a protected API (machine to machine). Apache httpd should implement the client authorization flow, i.e. read the token from the token endpoint using client id and client secret and add the token to the api request.

I tried already mod_auth_openidc:

SSLProxyEngine on
ProxyPass /api/ https://apiserver/api/v1/
ProxyPassReverse /api/ https://apiserver/api/v1/

OIDCOAuthServerMetadataURL https://authserver/auth/realms/default/.well-known/openid-configuration
OIDCClientID myid
OIDCClientSecret mysecret

<Location /api >
        AuthType oauth20
        Require all granted
</Location>

But this does not read the token from the authserver and does not add it to the request.

Maybe mod_sts is the right way, but the documentation is difficult to understand.

edited May 02 '23 at 06:28

asked May 01 '23 at 18:06

mmehl

Can apache httpd support oauth2 client credential flow?

0 Answers0